Legal claims defining the scope of protection, as filed with the USPTO.
1. A method of enabling wireless data communication between a first end-device and a second end-device without requiring the first end-device or the second end-device to be connected to a public Internet, the method comprising: receiving a request from a first application hosted on the first end-device to connect to a second end-device, wherein the second end-device is communicatively coupled to an access device via a first wireless network and wherein the access device is configured to transmit and receive data via a second wireless network; resolving the first application to the first end-device based on an application-to-host-device mapping; validating identity of the first end-device for connection to the second end-device or the access device; establishing a first secure wireless data communication channel between the first end-device and a first server; establishing a second secure wireless data communication channel between the first server and the access device; providing a first Internet Protocol (IP) address associated with the first end-device to the access device or the second end-device; providing a second IP address associated with the access device or the second end-device to the first end-device; and routing a data payload between the first end-device and the second end-device via the first and the second secure wireless data communication channels.
2. The method of claim 1, further comprising the step of injecting network routing and firewall policies into the first server, the first end-device, the second end-device, or the access device.
3. The method of claim 1, further comprising the step of inspecting the data payload at the first server.
4. The method of claim 3, wherein the data payload is inspected based on a set of predefined rules or a historical traffic pattern to detect an anomaly.
5. The method of claim 4, wherein the first or the second secure wireless data channel is torn down responsive to detecting the anomaly.
6. The method of claim 4, wherein responsive to detecting the anomaly, an alert is transmitted to a designated recipient.
7. The method of claim 6, wherein the alert is transmitted using a voice call, an email, a Short Message Service (SMS) message, a Multimedia Messaging Service (MMS) message, a Rich Communication Services (RCS) message, or a push notification.
8. The method of claim 1, wherein the first or the second wireless data communication channel is established based on an Internet Protocol Security (IPSec), a Secure Sockets Layer (SSL), or a Transport Layer Security (TLS) Virtual Private Network (VPN).
9. The method of claim 1, wherein the first end-device, the second end-device, or the access device functions as a Virtual Private Network (VPN) client and the first server functions as a VPN concentrator.
10. The method of claim 1, wherein the first data communication channel or the second data communication channel is established based on a secure Server Density agent (SD-agent) deployed on the first end-device, the access device, or the first server.
11. The method of claim 1, wherein setup requests to establish the first and the second secure wireless data communication channels are initiated via an independent control channel.
12. The method of claim 11, wherein the independent control channel is created using a Transmission Control Protocol/Internet Protocol (TCP/IP).
13. The method of claim 12, wherein the TCP/IP protocol is selected from the group consisting of a Hypertext Transfer Protocol Secure (HTTPS), a Representational State Transfer (REST), or a Message Queuing Telemetry Transport (MQTT) protocol.
14. The method of claim 11, wherein the independent control channel is established using a Short Message Service (SMS) or a Rich Communications Service (RCS) protocol.
15. The method of claim 14, wherein the first end-device, the second end-device, or the access device is configured to process a command conveyed in an SMS or an RCS message.
16. The method of claim 1, wherein responsive to detecting that a first secure wireless data communication channel has been disconnected, tearing down the second secure wireless data communication channel.
17. The method of claim 1, wherein the second wireless data connection is established via a mobile network.
18. The method of claim 1, wherein the access device is configured to communicate with a blockchain digital ledger, and wherein the blockchain digital ledger is configured to store a proof of ownership, connectivity credentials, or security policies associated with the access device.
November 16, 2021